[keycloak-user] KC 1.9.4 Error during

Gregory Orciuch g.orciuch at gmail.com
Wed Jun 1 04:12:21 EDT 2016


Which seems to be a bug in KeyCloak. it should log an error or throw some
clear exception.
Where is the best place to record the bug for same?

BR,
Gregory

2016-06-01 10:10 GMT+02:00 Emil Posmyk <emil.posmyk at gmail.com>:

> yes, after removing underscore everything is working fine now, thanks
>
>
> *regards*
> *--*
>
> *Emil Posmyk*
>
> 2016-06-01 9:02 GMT+02:00 Marek Posolda <mposolda at redhat.com>:
>
>> Yes, that's possible. According to http://www.ietf.org/rfc/rfc952.txt
>> the underscore is not valid character in hostname. Maybe it causes issues
>> with Apache HTTP client. If you have possibility to remove underscore, it
>> worth a try though.
>>
>> Marek
>>
>>
>> On 31/05/16 16:21, Gregory Orciuch wrote:
>>
>> Hi,
>> I dont get it. How the truststore/keystore properties are related to not
>> having hostname in the returned URL ?
>>
>> truststore is usually taken by java low level SSL stack (unless KeyCloak
>> using own ssl stack) and even if wrong it does produce PKIX exception which
>> is not in Emil's stack trace.
>>
>> I suspect the underscore "_" in the  "auth-server-url" or, the name is
>> not resolved by DNS from KeyCloak server perspective.
>>
>> BR,
>> Gregory
>>
>>
>> 2016-05-31 15:05 GMT+02:00 Marek Posolda <mposolda at redhat.com>:
>>
>>> Does your keycloak server have certificate signed by known CA authority
>>> or are you using some self-signed? If you have self-signed, you also need
>>> to configure truststore. See
>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/ch08.html#adapter-config
>>> and especially properties related to truststore.
>>>
>>> Marek
>>>
>>> On 31/05/16 15:00, Emil Posmyk wrote:
>>>
>>> sorry, i forgot to finish title
>>>
>>> {
>>>   "realm": "Brandpath",
>>>   "realm-public-key": "key.....",
>>>   "auth-server-url": "https://sabdev_oms.brandpath.net/auth",
>>>   "ssl-required": "external",
>>>   "resource": "oms-web",
>>>   "credentials": {
>>>     "secret": "secret"
>>>   },
>>>   "use-resource-role-mappings": true
>>> }
>>>
>>>
>>>
>>> regards
>>> *--*
>>>
>>>
>>> *Emil Posmyk *
>>>
>>> 2016-05-31 14:26 GMT+02:00 Marek Posolda < <mposolda at redhat.com>
>>> mposolda at redhat.com>:
>>>
>>>> How is "auth-server-url" in your keycloak.json configured? If you're
>>>> using relative URI, then you can maybe try to use absolute URI and see if
>>>> it help?
>>>>
>>>> Marek
>>>>
>>>>
>>>> On 31/05/16 14:19, Emil Posmyk wrote:
>>>>
>>>> Hello
>>>>
>>>> I'm reciving error when I try login to our application:
>>>> ClientProtocolException: URI does not specify a valid host name:
>>>> https:/auth/realms/Brandpath/protocol/openid-connect/token
>>>> Http protocol is working fine, no errors, but using https I recive each
>>>> time uri without host name.
>>>> Auth page is working fine.
>>>>
>>>> What can cause that error ?
>>>>
>>>>
>>>> 14:59:22,937 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator]
>>>> (default task-2) failed to turn code into token:
>>>> org.apache.http.client.ClientProtocolException: URI does not specify a
>>>> valid host name:
>>>> <https:/auth/realms/Brandpath/protocol/openid-connect/token>
>>>> https:/auth/realms/Brandpath/protocol/openid-connect/token
>>>> [Server:ms-server1]     at
>>>> org.apache.http.impl.client.CloseableHttpClient.determineTarget(CloseableHttpClient.java:94)
>>>> [Server:ms-server1]     at
>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
>>>> [Server:ms-server1]     at
>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
>>>> [Server:ms-server1]     at
>>>> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
>>>> [Server:ms-server1]     at
>>>> org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:107)
>>>> [Server:ms-server1]     at
>>>> org.keycloak.adapters.OAuthRequestAuthenticator.resolveCode(OAuthRequestAuthenticator.java:314)
>>>> [Server:ms-server1]     at
>>>> org.keycloak.adapters.OAuthRequestAuthenticator.authenticate(OAuthRequestAuthenticator.java:260)
>>>> [Server:ms-server1]     at
>>>> org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:112)
>>>> [Server:ms-server1]     at
>>>> org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
>>>> [Server:ms-server1]     at
>>>> org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
>>>> [Server:ms-server1]     at
>>>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
>>>> [Server:ms-server1]     at
>>>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
>>>> [Server:ms-server1]     at
>>>> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
>>>> [Server:ms-server1]     at
>>>> io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
>>>> [Server:ms-server1]     at
>>>> io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
>>>> [Server:ms-server1]     at
>>>> io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
>>>> [Server:ms-server1]     at
>>>> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
>>>> [Server:ms-server1]     at
>>>> io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
>>>> [Server:ms-server1]     at
>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>> [Server:ms-server1]     at
>>>> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
>>>> [Server:ms-server1]     at
>>>> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>>>> [Server:ms-server1]     at
>>>> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>>>> [Server:ms-server1]     at
>>>> io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
>>>> [Server:ms-server1]     at
>>>> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>>>> [Server:ms-server1]     at
>>>> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>>>> [Server:ms-server1]     at
>>>> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>>>> [Server:ms-server1]     at
>>>> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>>>> [Server:ms-server1]     at
>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>> [Server:ms-server1]     at
>>>> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>>>> [Server:ms-server1]     at
>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>> [Server:ms-server1]     at
>>>> org.wildfly.mod_cluster.undertow.metric.RunningRequestsHttpHandler.handleRequest(RunningRequestsHttpHandler.java:69)
>>>> [Server:ms-server1]     at
>>>> org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
>>>> [Server:ms-server1]     at
>>>> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>>> [Server:ms-server1]     at
>>>> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
>>>> [Server:ms-server1]     at
>>>> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
>>>> [Server:ms-server1]     at
>>>> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>>>> [Server:ms-server1]     at
>>>> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
>>>> [Server:ms-server1]     at
>>>> io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
>>>> [Server:ms-server1]     at
>>>> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
>>>> [Server:ms-server1]     at
>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>> [Server:ms-server1]     at
>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>> [Server:ms-server1]     at java.lang.Thread.run(Thread.java:745)
>>>>
>>>>
>>>> * regards*
>>>> *--*
>>>>
>>>> *Emil Posmyk *
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160601/6c7b2761/attachment-0001.html 


More information about the keycloak-user mailing list